Re: Well, that came completely out of the blue
....and in other news they have worked out where bears defecate
11 publicly visible posts • joined 24 Jun 2010
Would be really more helpful if people actually shared details of the malware....new version of what family? What's new? I know they don't want to admit either that employee X clicked on a link in the email or opened an attachment, or that we left RDP, SSH or some other unsecured service open to the internet, but a little detail would help the community (I know I'm a dreamer).
"No clue about VLANs, no clue about if it has STP, or trunking, or anything."
Yes you do - if you have access to the switches/devices attached to the core then you have the other half of the config. Totally agree with the previous comments that the mgmt side should ensure this situation doesn't happen, and about backups (all things fail, human and silicon), but as a network guy with 20yrs+, STP is a mutual thing, as should be the VLANs and trunking (a packet sniffer will show up most of this). You will need downtime for the replacement, but hunt for the clues on the wire and the attached devices first if you really are in this situation. You should not get into this situation and it is bad working practice from all parties; it is a fire fight but not all is lost (if you do not know what your core switch is doing for your critical traffic without seeing the config please find the door....oh, you can't do that without being provided a map, I see your problem!)
100% agreed - looked at nginx last year and tried to see if we could replace our F5 setups, and while it covered the basic functionality and some traffic manipulation, their sales engineers in the end admitted it couldn't replicate the config....this said, they cost a pretty penny but are usually rock solid devices which do what they say on the tin.
When I read the article title it was a brown trouser moment, thinking I was about to have a long weekend, but the title did not match the content (don't use AFM).
Per the THC site:
"No real solution exists. The following steps can mitigate (but not solve) the problem:
1. Disable SSL-Renegotiation
2. Invest into SSL Accelerator
Either of these countermeasures can be circumvented by modifying THC-SSL-DOS."
Surely then just limiting connections based upon src IP with renegotiation is a mitigation that can't be circumvented....unless you can spoof the traffic.
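As an added example (not from the post, the THC site or their tool), here is a sketch of the per-source-IP limit the comment proposes, fed with a constructed stream of renegotiation events. It also carries the per-connection cap (set to 0 it is the "disable renegotiation" step), and shows the caveat the comment raises: one address hammering a single connection is throttled, while the same number of renegotiations spread across many addresses stays under the per-IP budget. All addresses, connection ids and limits are made up.

```python
from collections import defaultdict, deque

# Constructed event stream: (time_s, client_ip, connection_id) for each
# TLS renegotiation request the server sees (hypothetical values).
LEGIT = [(t, "10.0.0.5", f"legit-{t}") for t in (0.0, 4.0, 8.0)]
SINGLE_ABUSER = [(0.5 + i * 0.04, "203.0.113.7", "abuser-c1") for i in range(50)]
MANY_ADDRESSES = [(1.0 + i * 0.1, f"198.51.100.{i}", f"dist-{i}-{j}")
                  for i in range(20) for j in range(5)]
EVENTS = sorted(LEGIT + SINGLE_ABUSER + MANY_ADDRESSES)


class RenegotiationLimiter:
    """Cap renegotiations per connection and per source IP (sliding window)."""

    def __init__(self, per_conn_max=1, per_ip_max=5, window_s=10.0):
        self.per_conn_max = per_conn_max
        self.per_ip_max = per_ip_max
        self.window_s = window_s
        self.conn_count = defaultdict(int)      # renegotiations per connection
        self.ip_times = defaultdict(deque)      # recent timestamps per source IP

    def allow(self, t, ip, conn):
        # per_conn_max == 0 is equivalent to disabling renegotiation outright
        if self.conn_count[conn] >= self.per_conn_max:
            return False
        # expire timestamps older than the window, then check the per-IP budget
        q = self.ip_times[ip]
        while q and t - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.per_ip_max:
            return False
        q.append(t)
        self.conn_count[conn] += 1
        return True


def replay(events, **limits):
    """Feed time-ordered events through the limiter; return {ip: (allowed, refused)}."""
    lim = RenegotiationLimiter(**limits)
    stats = defaultdict(lambda: [0, 0])
    for t, ip, conn in sorted(events):
        stats[ip][0 if lim.allow(t, ip, conn) else 1] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


if __name__ == "__main__":
    for ip, (ok, refused) in sorted(replay(EVENTS).items()):
        print(f"{ip:16} allowed={ok:3d} refused={refused:3d}")
```

Running it with the defaults refuses 49 of the single abuser's 50 requests but admits all 100 from the twenty distributed addresses; the per-IP and per-connection budgets are the knobs to tune against your real client population.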